- Researchers have discovered a new type of side-channel attack called SLAM that can bypass the security features of modern CPUs.
- This attack takes advantage of the CPU’s memory capabilities that allow it to store untranslated data bits in kernel metadata to extract encryption keys and root passwords.
Current and upcoming CPUs from Intel, Arm, and AMD with Linear Address Masking (LAM), Top Byte Ignore (TBI), and Upper Access Ignore (UAI) security features protect against a new type of side-channel attack called Specter. was found to be vulnerable. Based on linear masking (SLAM). This attack is based on the Specter BHI attack and can bypass hardware protections and expose password hashes in kernel memory.
SLAM is a type of temporal execution-based attack that takes advantage of memory capabilities that allow software to store kernel metadata using untranslated data bits within 64-bit linear addresses. A malicious attacker can manipulate instructions in the software code to trigger execution in a way that reveals sensitive data, including information from various programs and operating systems.
This threat is believed to be caused by insufficient normality checks in the chip design. LAM, UAI, and TBI help manage and secure memory, but they also open up the microarchitecture to exploitation. According to the research team, SLAM is effective against future Intel CPUs that support LAM, future AMD CPUs that support UAI and 5-level paging, Arm CPUs that support TBI and 5-level paging, and CVE-2020-12965. May affect current AMD CPUs that are vulnerable.
see next: Meta and IBM lead partnership to challenge leadership in artificial intelligence
The vulnerability was discovered by system and network security researchers at the Free University of Amsterdam. The team disclosed the issue to semiconductor OEMs. Intel has stated its intention to fix this vulnerability before new processors are released. Linux has already released a patch for the flaw, but Arm and AMD say their existing protections are sufficient to mitigate the threat.
Share your thoughts on What do you think about the rise in computer exploits? linkedin, Xor Facebook. We look forward to hearing from you!
Image source: Shutterstock